PEAP-MSCHAPv2 authentication failure
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jan 23 13:15:32 CET 2006
Sayantan Bhowmick wrote:
> Hi ,
> I am trying to do PEAP MSCHAPv2 authentication. I am using
> FreeRADIUS version 1.1.0 on Suse 9.0 and WinXP as the Suplicant. When I
> select "Automatically use my Windows Logon name and password
> (and domain if any)" in the network properties, WinXP tries to login as
> domain-name\\user-name. I have enabled the "realm ntdomain" option in
> radiusd.conf and have created an entry in the proxy.conf file. However
> the authentication still fails. I am using eDirectory as my user store
> and (I cannot use the ntlm_auth option as I do not have a AD setup). The
> debug log is as follows. Can anyone please tell me how to get this
> working?
>
I realise there's a lot of data, but careful examination of the end of
the logfile shows?
> rlm_mschap: NT Domain delimeter found, should we have enabled
> with_ntdomain_hack?
Yes, you should have enabled that.
> rlm_mschap: Told to do MS-CHAPv2 for NOVELL-QT5M8B08\radiususer with
> NT-Password
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
...because you need to enable the with_ntdomain_hack
Hope that helps.
More information about the Freeradius-Users
mailing list